diff --git a/proxy/vmess/aead/authid.go b/proxy/vmess/aead/authid.go
index 74ba43485..5ba2db1fa 100644
--- a/proxy/vmess/aead/authid.go
+++ b/proxy/vmess/aead/authid.go
@@ -32,7 +32,7 @@ func CreateAuthID(cmdKey []byte, time int64) [16]byte {
 }
 
 func NewCipherFromKey(cmdKey []byte) cipher.Block {
-	aesBlock, err := aes.NewCipher(KDF16(cmdKey, "AES Auth ID Encryption"))
+	aesBlock, err := aes.NewCipher(KDF16(cmdKey, KDFSaltConst_AuthIDEncryptionKey))
 	if err != nil {
 		panic(err)
 	}
diff --git a/proxy/vmess/aead/consts.go b/proxy/vmess/aead/consts.go
new file mode 100644
index 000000000..838d1835b
--- /dev/null
+++ b/proxy/vmess/aead/consts.go
@@ -0,0 +1,21 @@
+package aead
+
+const KDFSaltConst_AuthIDEncryptionKey = "AES Auth ID Encryption"
+
+const KDFSaltConst_AEADRespHeaderLenKey = "AEAD Resp Header Len Key"
+
+const KDFSaltConst_AEADRespHeaderLenIV = "AEAD Resp Header Len IV"
+
+const KDFSaltConst_AEADRespHeaderPayloadKey = "AEAD Resp Header Key"
+
+const KDFSaltConst_AEADRespHeaderPayloadIV = "AEAD Resp Header IV"
+
+const KDFSaltConst_VMessAEADKDF = "VMess AEAD KDF"
+
+const KDFSaltConst_VmessAuthIDCheckValue = "VMess AuthID Check Value"
+
+const KDFSaltConst_VMessLengthMask = "VMess AuthID Mask Value"
+
+const KDFSaltConst_VMessHeaderPayloadAEADKey = "VMess Header AEAD Key"
+
+const KDFSaltConst_VMessHeaderPayloadAEADIV = "VMess Header AEAD Nonce"
diff --git a/proxy/vmess/aead/encrypt.go b/proxy/vmess/aead/encrypt.go
index 86ab4bc3e..5fb6765f6 100644
--- a/proxy/vmess/aead/encrypt.go
+++ b/proxy/vmess/aead/encrypt.go
@@ -14,128 +14,128 @@ import (
 )
 
 func SealVMessAEADHeader(key [16]byte, data []byte) []byte {
-	authid := CreateAuthID(key[:], time.Now().Unix())
+	generatedAuthID := CreateAuthID(key[:], time.Now().Unix())
 
-	nonce := make([]byte, 8)
-	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
+	connectionNonce := make([]byte, 8)
+	if _, err := io.ReadFull(rand.Reader, connectionNonce); err != nil {
 		panic(err.Error())
 	}
 
-	lengthbuf := bytes.NewBuffer(nil)
+	aeadPayloadLengthSerializeBuffer := bytes.NewBuffer(nil)
 
-	var HeaderDataLen uint16
-	HeaderDataLen = uint16(len(data))
+	var headerPayloadDataLen uint16
+	headerPayloadDataLen = uint16(len(data))
 
-	common.Must(binary.Write(lengthbuf, binary.BigEndian, HeaderDataLen))
+	common.Must(binary.Write(aeadPayloadLengthSerializeBuffer, binary.BigEndian, headerPayloadDataLen))
 
-	authidCheck := KDF16(key[:], "VMess AuthID Check Value", string(authid[:]), string(lengthbuf.Bytes()), string(nonce))
+	authidCheckValue := KDF16(key[:], KDFSaltConst_VmessAuthIDCheckValue, string(generatedAuthID[:]), string(aeadPayloadLengthSerializeBuffer.Bytes()), string(connectionNonce))
 
-	lengthbufb := lengthbuf.Bytes()
+	aeadPayloadLengthSerializedByte := aeadPayloadLengthSerializeBuffer.Bytes()
 
-	LengthMask := KDF16(key[:], "VMess AuthID Mask Value", string(authid[:]), string(nonce[:]))[:2]
+	aeadPayloadLengthMask := KDF16(key[:], KDFSaltConst_VMessLengthMask, string(generatedAuthID[:]), string(connectionNonce[:]))[:2]
 
-	lengthbufb[0] = lengthbufb[0] ^ LengthMask[0]
-	lengthbufb[1] = lengthbufb[1] ^ LengthMask[1]
+	aeadPayloadLengthSerializedByte[0] = aeadPayloadLengthSerializedByte[0] ^ aeadPayloadLengthMask[0]
+	aeadPayloadLengthSerializedByte[1] = aeadPayloadLengthSerializedByte[1] ^ aeadPayloadLengthMask[1]
 
-	HeaderAEADKey := KDF16(key[:], "VMess Header AEAD Key", string(authid[:]), string(nonce))
+	payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(generatedAuthID[:]), string(connectionNonce))
 
-	HeaderAEADNonce := KDF(key[:], "VMess Header AEAD Nonce", string(authid[:]), string(nonce))[:12]
+	payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(generatedAuthID[:]), string(connectionNonce))[:12]
 
-	block, err := aes.NewCipher(HeaderAEADKey)
+	payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)
 	if err != nil {
 		panic(err.Error())
 	}
 
-	headerAEAD, err := cipher.NewGCM(block)
+	payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)
 
 	if err != nil {
 		panic(err.Error())
 	}
 
-	headerSealed := headerAEAD.Seal(nil, HeaderAEADNonce, data, authid[:])
+	payloadHeaderAEADEncrypted := payloadHeaderAEAD.Seal(nil, payloadHeaderAEADNonce, data, generatedAuthID[:])
 
-	var outPutBuf = bytes.NewBuffer(nil)
+	var outputBuffer = bytes.NewBuffer(nil)
 
-	common.Must2(outPutBuf.Write(authid[:])) //16
+	common.Must2(outputBuffer.Write(generatedAuthID[:])) //16
 
-	common.Must2(outPutBuf.Write(authidCheck)) //16
+	common.Must2(outputBuffer.Write(authidCheckValue)) //16
 
-	common.Must2(outPutBuf.Write(lengthbufb)) //2
+	common.Must2(outputBuffer.Write(aeadPayloadLengthSerializedByte)) //2
 
-	common.Must2(outPutBuf.Write(nonce)) //8
+	common.Must2(outputBuffer.Write(connectionNonce)) //8
 
-	common.Must2(outPutBuf.Write(headerSealed))
+	common.Must2(outputBuffer.Write(payloadHeaderAEADEncrypted))
 
-	return outPutBuf.Bytes()
+	return outputBuffer.Bytes()
 }
 
 func OpenVMessAEADHeader(key [16]byte, authid [16]byte, data io.Reader) ([]byte, bool, error, int) {
-	var authidCheck [16]byte
-	var lengthbufb [2]byte
+	var authidCheckValue [16]byte
+	var headerPayloadDataLen [2]byte
 	var nonce [8]byte
 
-	n, err := io.ReadFull(data, authidCheck[:])
+	authidCheckValueReadBytesCounts, err := io.ReadFull(data, authidCheckValue[:])
 	if err != nil {
-		return nil, false, err, n
+		return nil, false, err, authidCheckValueReadBytesCounts
 	}
 
-	n2, err := io.ReadFull(data, lengthbufb[:])
+	headerPayloadDataLenReadBytesCounts, err := io.ReadFull(data, headerPayloadDataLen[:])
 	if err != nil {
-		return nil, false, err, n + n2
+		return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts
 	}
 
-	n4, err := io.ReadFull(data, nonce[:])
+	nonceReadBytesCounts, err := io.ReadFull(data, nonce[:])
 	if err != nil {
-		return nil, false, err, n + n2 + n4
+		return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + nonceReadBytesCounts
 	}
 
 	//Unmask Length
 
-	LengthMask := KDF16(key[:], "VMess AuthID Mask Value", string(authid[:]), string(nonce[:]))[:2]
+	LengthMask := KDF16(key[:], KDFSaltConst_VMessLengthMask, string(authid[:]), string(nonce[:]))[:2]
 
-	lengthbufb[0] = lengthbufb[0] ^ LengthMask[0]
-	lengthbufb[1] = lengthbufb[1] ^ LengthMask[1]
+	headerPayloadDataLen[0] = headerPayloadDataLen[0] ^ LengthMask[0]
+	headerPayloadDataLen[1] = headerPayloadDataLen[1] ^ LengthMask[1]
 
-	authidCheckV := KDF16(key[:], "VMess AuthID Check Value", string(authid[:]), string(lengthbufb[:]), string(nonce[:]))
+	authidCheckValueReceivedFromNetwork := KDF16(key[:], KDFSaltConst_VmessAuthIDCheckValue, string(authid[:]), string(headerPayloadDataLen[:]), string(nonce[:]))
 
-	if !hmac.Equal(authidCheckV, authidCheck[:]) {
-		return nil, true, errCheckMismatch, n + n2 + n4
+	if !hmac.Equal(authidCheckValueReceivedFromNetwork, authidCheckValue[:]) {
+		return nil, true, errCheckMismatch, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + nonceReadBytesCounts
 	}
 
 	var length uint16
 
-	common.Must(binary.Read(bytes.NewReader(lengthbufb[:]), binary.BigEndian, &length))
+	common.Must(binary.Read(bytes.NewReader(headerPayloadDataLen[:]), binary.BigEndian, &length))
 
-	HeaderAEADKey := KDF16(key[:], "VMess Header AEAD Key", string(authid[:]), string(nonce[:]))
+	payloadHeaderAEADKey := KDF16(key[:], KDFSaltConst_VMessHeaderPayloadAEADKey, string(authid[:]), string(nonce[:]))
 
-	HeaderAEADNonce := KDF(key[:], "VMess Header AEAD Nonce", string(authid[:]), string(nonce[:]))[:12]
+	payloadHeaderAEADNonce := KDF(key[:], KDFSaltConst_VMessHeaderPayloadAEADIV, string(authid[:]), string(nonce[:]))[:12]
 
 	//16 == AEAD Tag size
-	header := make([]byte, length+16)
+	payloadHeaderAEADEncrypted := make([]byte, length+16)
 
-	n3, err := io.ReadFull(data, header)
+	payloadHeaderAEADEncryptedReadedBytesCounts, err := io.ReadFull(data, payloadHeaderAEADEncrypted)
 	if err != nil {
-		return nil, false, err, n + n2 + n3 + n4
+		return nil, false, err, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts
 	}
 
-	block, err := aes.NewCipher(HeaderAEADKey)
+	payloadHeaderAEADAESBlock, err := aes.NewCipher(payloadHeaderAEADKey)
 	if err != nil {
 		panic(err.Error())
 	}
 
-	headerAEAD, err := cipher.NewGCM(block)
+	payloadHeaderAEAD, err := cipher.NewGCM(payloadHeaderAEADAESBlock)
 
 	if err != nil {
 		panic(err.Error())
 	}
 
-	out, erropenAEAD := headerAEAD.Open(nil, HeaderAEADNonce, header, authid[:])
+	out, erropenAEAD := payloadHeaderAEAD.Open(nil, payloadHeaderAEADNonce, payloadHeaderAEADEncrypted, authid[:])
 
 	if erropenAEAD != nil {
-		return nil, true, erropenAEAD, n + n2 + n3 + n4
+		return nil, true, erropenAEAD, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts
 	}
 
-	return out, false, nil, n + n2 + n3 + n4
+	return out, false, nil, authidCheckValueReadBytesCounts + headerPayloadDataLenReadBytesCounts + payloadHeaderAEADEncryptedReadedBytesCounts + nonceReadBytesCounts
 }
 
 var errCheckMismatch = errors.New("check verify failed")
diff --git a/proxy/vmess/aead/kdf.go b/proxy/vmess/aead/kdf.go
index 0872db9de..26b9540c3 100644
--- a/proxy/vmess/aead/kdf.go
+++ b/proxy/vmess/aead/kdf.go
@@ -9,7 +9,7 @@ import (
 func KDF(key []byte, path ...string) []byte {
 	hmacf := hmac.New(func() hash.Hash {
 		return sha256.New()
-	}, []byte("VMess AEAD KDF"))
+	}, []byte(KDFSaltConst_VMessAEADKDF))
 
 	for _, v := range path {
 		hmacf = hmac.New(func() hash.Hash {
diff --git a/proxy/vmess/encoding/client.go b/proxy/vmess/encoding/client.go
index 2436dab83..d34ef484c 100644
--- a/proxy/vmess/encoding/client.go
+++ b/proxy/vmess/encoding/client.go
@@ -208,43 +208,42 @@ func (c *ClientSession) DecodeResponseHeader(reader io.Reader) (*protocol.Respon
 		aesStream := crypto.NewAesDecryptionStream(c.responseBodyKey[:], c.responseBodyIV[:])
 		c.responseReader = crypto.NewCryptionReader(aesStream, reader)
 	} else {
-		resph := vmessaead.KDF16(c.responseBodyKey[:], "AEAD Resp Header Len Key")
-		respi := vmessaead.KDF(c.responseBodyIV[:], "AEAD Resp Header Len IV")[:12]
+		aeadResponseHeaderLengthEncryptionKey := vmessaead.KDF16(c.responseBodyKey[:], vmessaead.KDFSaltConst_AEADRespHeaderLenKey)
+		aeadResponseHeaderLengthEncryptionIV := vmessaead.KDF(c.responseBodyIV[:], vmessaead.KDFSaltConst_AEADRespHeaderLenIV)[:12]
 
-		aesblock := common.Must2(aes.NewCipher(resph)).(cipher.Block)
-		aeadHeader := common.Must2(cipher.NewGCM(aesblock)).(cipher.AEAD)
+		aeadResponseHeaderLengthEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderLengthEncryptionKey)).(cipher.Block)
+		aeadResponseHeaderLengthEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderLengthEncryptionKeyAESBlock)).(cipher.AEAD)
 
-		var AEADLen [18]byte
-		var lenresp int
+		var aeadEncryptedResponseHeaderLength [18]byte
+		var decryptedResponseHeaderLength int
+		var decryptedResponseHeaderLengthBinaryDeserializeBuffer uint16
 
-		var lenrespr uint16
-
-		if _, err := io.ReadFull(reader, AEADLen[:]); err != nil {
+		if _, err := io.ReadFull(reader, aeadEncryptedResponseHeaderLength[:]); err != nil {
 			return nil, newError("Unable to Read Header Len").Base(err)
 		}
-		if AEADLend, err := aeadHeader.Open(nil, respi, AEADLen[:], nil); err != nil {
+		if decryptedResponseHeaderLengthBinaryBuffer, err := aeadResponseHeaderLengthEncryptionAEAD.Open(nil, aeadResponseHeaderLengthEncryptionIV, aeadEncryptedResponseHeaderLength[:], nil); err != nil {
 			return nil, newError("Failed To Decrypt Length").Base(err)
 		} else {
-			common.Must(binary.Read(bytes.NewReader(AEADLend), binary.BigEndian, &lenrespr))
-			lenresp = int(lenrespr)
+			common.Must(binary.Read(bytes.NewReader(decryptedResponseHeaderLengthBinaryBuffer), binary.BigEndian, &decryptedResponseHeaderLengthBinaryDeserializeBuffer))
+			decryptedResponseHeaderLength = int(decryptedResponseHeaderLengthBinaryDeserializeBuffer)
 		}
 
-		resphc := vmessaead.KDF16(c.responseBodyKey[:], "AEAD Resp Header Key")
-		respic := vmessaead.KDF(c.responseBodyIV[:], "AEAD Resp Header IV")[:12]
+		aeadResponseHeaderPayloadEncryptionKey := vmessaead.KDF16(c.responseBodyKey[:], vmessaead.KDFSaltConst_AEADRespHeaderPayloadKey)
+		aeadResponseHeaderPayloadEncryptionIV := vmessaead.KDF(c.responseBodyIV[:], vmessaead.KDFSaltConst_AEADRespHeaderPayloadIV)[:12]
 
-		aesblockc := common.Must2(aes.NewCipher(resphc)).(cipher.Block)
-		aeadHeaderc := common.Must2(cipher.NewGCM(aesblockc)).(cipher.AEAD)
+		aeadResponseHeaderPayloadEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderPayloadEncryptionKey)).(cipher.Block)
+		aeadResponseHeaderPayloadEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderPayloadEncryptionKeyAESBlock)).(cipher.AEAD)
 
-		respPayload := make([]byte, lenresp+16)
+		encryptedResponseHeaderBuffer := make([]byte, decryptedResponseHeaderLength+16)
 
-		if _, err := io.ReadFull(reader, respPayload); err != nil {
+		if _, err := io.ReadFull(reader, encryptedResponseHeaderBuffer); err != nil {
 			return nil, newError("Unable to Read Header Data").Base(err)
 		}
 
-		if AEADData, err := aeadHeaderc.Open(nil, respic, respPayload, nil); err != nil {
+		if decryptedResponseHeaderBuffer, err := aeadResponseHeaderPayloadEncryptionAEAD.Open(nil, aeadResponseHeaderPayloadEncryptionIV, encryptedResponseHeaderBuffer, nil); err != nil {
 			return nil, newError("Failed To Decrypt Payload").Base(err)
 		} else {
-			c.responseReader = bytes.NewReader(AEADData)
+			c.responseReader = bytes.NewReader(decryptedResponseHeaderBuffer)
 		}
 	}
 
diff --git a/proxy/vmess/encoding/server.go b/proxy/vmess/encoding/server.go
index 9d0414dd6..c71c8b338 100644
--- a/proxy/vmess/encoding/server.go
+++ b/proxy/vmess/encoding/server.go
@@ -383,10 +383,10 @@ func (s *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, wr
 	encryptionWriter = crypto.NewCryptionWriter(aesStream, writer)
 	s.responseWriter = encryptionWriter
 
-	aeadBuffer := bytes.NewBuffer(nil)
+	aeadEncryptedHeaderBuffer := bytes.NewBuffer(nil)
 
 	if s.isAEADRequest {
-		encryptionWriter = aeadBuffer
+		encryptionWriter = aeadEncryptedHeaderBuffer
 	}
 
 	common.Must2(encryptionWriter.Write([]byte{s.responseHeader, byte(header.Option)}))
@@ -397,30 +397,30 @@ func (s *ServerSession) EncodeResponseHeader(header *protocol.ResponseHeader, wr
 
 	if s.isAEADRequest {
 
-		resph := vmessaead.KDF16(s.responseBodyKey[:], "AEAD Resp Header Len Key")
-		respi := vmessaead.KDF(s.responseBodyIV[:], "AEAD Resp Header Len IV")[:12]
+		aeadResponseHeaderLengthEncryptionKey := vmessaead.KDF16(s.responseBodyKey[:], vmessaead.KDFSaltConst_AEADRespHeaderLenKey)
+		aeadResponseHeaderLengthEncryptionIV := vmessaead.KDF(s.responseBodyIV[:], vmessaead.KDFSaltConst_AEADRespHeaderLenIV)[:12]
 
-		aesblock := common.Must2(aes.NewCipher(resph)).(cipher.Block)
-		aeadHeader := common.Must2(cipher.NewGCM(aesblock)).(cipher.AEAD)
+		aeadResponseHeaderLengthEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderLengthEncryptionKey)).(cipher.Block)
+		aeadResponseHeaderLengthEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderLengthEncryptionKeyAESBlock)).(cipher.AEAD)
 
-		aeadlenBuf := bytes.NewBuffer(nil)
+		aeadResponseHeaderLengthEncryptionBuffer := bytes.NewBuffer(nil)
 
-		var aeadLen uint16
-		aeadLen = uint16(aeadBuffer.Len())
+		var decryptedResponseHeaderLengthBinaryDeserializeBuffer uint16
+		decryptedResponseHeaderLengthBinaryDeserializeBuffer = uint16(aeadEncryptedHeaderBuffer.Len())
 
-		common.Must(binary.Write(aeadlenBuf, binary.BigEndian, aeadLen))
+		common.Must(binary.Write(aeadResponseHeaderLengthEncryptionBuffer, binary.BigEndian, decryptedResponseHeaderLengthBinaryDeserializeBuffer))
 
-		sealedLen := aeadHeader.Seal(nil, respi, aeadlenBuf.Bytes(), nil)
-		common.Must2(io.Copy(writer, bytes.NewReader(sealedLen)))
+		AEADEncryptedLength := aeadResponseHeaderLengthEncryptionAEAD.Seal(nil, aeadResponseHeaderLengthEncryptionIV, aeadResponseHeaderLengthEncryptionBuffer.Bytes(), nil)
+		common.Must2(io.Copy(writer, bytes.NewReader(AEADEncryptedLength)))
 
-		resphc := vmessaead.KDF16(s.responseBodyKey[:], "AEAD Resp Header Key")
-		respic := vmessaead.KDF(s.responseBodyIV[:], "AEAD Resp Header IV")[:12]
+		aeadResponseHeaderPayloadEncryptionKey := vmessaead.KDF16(s.responseBodyKey[:], vmessaead.KDFSaltConst_AEADRespHeaderPayloadKey)
+		aeadResponseHeaderPayloadEncryptionIV := vmessaead.KDF(s.responseBodyIV[:], vmessaead.KDFSaltConst_AEADRespHeaderPayloadIV)[:12]
 
-		aesblockc := common.Must2(aes.NewCipher(resphc)).(cipher.Block)
-		aeadHeaderc := common.Must2(cipher.NewGCM(aesblockc)).(cipher.AEAD)
+		aeadResponseHeaderPayloadEncryptionKeyAESBlock := common.Must2(aes.NewCipher(aeadResponseHeaderPayloadEncryptionKey)).(cipher.Block)
+		aeadResponseHeaderPayloadEncryptionAEAD := common.Must2(cipher.NewGCM(aeadResponseHeaderPayloadEncryptionKeyAESBlock)).(cipher.AEAD)
 
-		sealed := aeadHeaderc.Seal(nil, respic, aeadBuffer.Bytes(), nil)
-		common.Must2(io.Copy(writer, bytes.NewReader(sealed)))
+		aeadEncryptedHeaderPayload := aeadResponseHeaderPayloadEncryptionAEAD.Seal(nil, aeadResponseHeaderPayloadEncryptionIV, aeadEncryptedHeaderBuffer.Bytes(), nil)
+		common.Must2(io.Copy(writer, bytes.NewReader(aeadEncryptedHeaderPayload)))
 	}
 }